Optimal strategy selection method for moving target defense based on signaling game

To solve the problem of the optimal strategy selection for moving target defense,the defense strategy was defined formally,the defense principle from the perspective of attack surface shifting and exploration surface enlarging was taken into account.Then,network attack-defense behaviors were analyzed from the sight of dynamic confrontation and bounded information.According to the analysis of attack-defense game types and confrontation process,the moving target defense model based on signaling game was constructed.Meanwhile,the method to quantify strategies was improved and the solution of perfect Bayesian equilibrium was proposed.Furthermore,the optimal defense strategy selection algorithm was designed by the equilibrium analysis.Finally,the simulation demonstrates the effectiveness and feasibility of the proposed optimal strategy and selection method.     

基于不完全信息动态博弈的动态目标防御最优策略选取研究

针对动态目标防御的最优策略选取问题,分析了动态目标防御环境下的攻防对抗特点,提出了动态目标防御策略的收益量化方法,基于不完全信息动态博弈构建了面向动态目标防御的单阶段和多阶段博弈模型,给出了精炼贝叶斯均衡求解算法和先验信念修正方法,获得了不同安全态势下的最优动态目标防御策略.最后,通过实例说明和验证了上述模型和方法的可行性和有效性,总结了利用动态目标防御策略进行网络防御的一般性规律.     

Markov微分博弈模型及其在网络安全中的应用

当前基于博弈理论的网络安全研究成果难以应用于实时、连续、随机对抗的网络攻防过程.本文针对网络安全防御的实时性和网络状态变化的随机性,基于动态、实时对抗的视角分析攻防行为,在结合微分博弈模型和Markov决策方法的基础上进行扩展,构建Markov攻防微分博弈模型,分析具有多个阶段且每阶段持续时间较短的攻防过程;提出多阶段博弈均衡解计算方法,设计多阶段最优防御策略选取算法.仿真实验结果表明,模型和算法有效且可行.     

云原生下基于深度强化学习的移动目标防御策略优化方案

针对云原生环境下攻击场景的复杂性导致移动目标防御策略配置困难的问题,该文提出一种基于深度强化学习的移动目标防御策略优化方案(SmartSCR)。首先,针对云原生环境容器化、微服务化等特点,对其安全威胁及攻击者攻击路径进行分析;然后,为了定量分析云原生复杂攻击场景下移动目标防御策略的防御效率,提出微服务攻击图模型并对防御效率进行刻画。最后,将移动目标防御策略的优化问题建模为马尔可夫决策过程,并使用深度强化学习解决云原生应用规模较大时带来的状态空间爆炸问题,对最优移动目标防御配置进行求解。实验结果表明,SmartSCR能够在云原生应用规模较大时快速收敛,并实现逼近最优的防御效率。     

基于随机演化博弈模型的网络防御策略选取方法

针对攻防博弈系统中存在攻防策略集和系统运行环境改变等各类随机干扰因素的问题,传统确定性博弈模型无法准确描述攻防博弈过程.利用非线性Itó随机微分方程构建随机演化博弈模型,用于分析攻防随机动态演化过程.通过求解,并根据随机微分方程稳定性判别定理对攻防双方的策略选取状态进行稳定性分析,设计出基于随机攻防演化博弈模型的安全防御策略选取算法.最后,通过仿真验证了不同强度的随机干扰对攻防决策演化速率的影响,且干扰强度越大,防御者更倾向于选择强防御策略,攻击者更倾向于选择强攻击策略.本文模型和方法能够用于网络攻击行为预测和安全防御决策.     

基于Markov演化博弈的网络防御策略选取方法

当前运用博弈理论的网络安全研究大多采用完全理性假设,本文针对现实社会中攻防双方的有限理性限制条件和攻防过程的动态变化特征,基于非合作演化博弈理论,从有限理性约束出发,将演化博弈模型与Markov决策相结合,构建多阶段Markov攻防演化博弈模型,实现对多阶段、多状态攻防对抗的动态分析推演;依据博弈的折扣总收益设计目标函数,提出多阶段博弈均衡的求解方法,给出最优防御策略选取算法.通过实验验证了模型和方法的有效性.     

Website defense strategy selection method based on attack-defense game and Monte Carlo simulation

Aiming at the selection of security defense strategy in network attack-defense,the dynamic change process of mutual influence between attack-defense strategy was studied.Based on the game process of both offense and defense,the attack-defense game model was constructed,the attack process of the attacker based on Monte Carlo simulation was simulated and the attacker’s best attack utility was obtained,so as to calculate the best defensive utility of the defender.In order to maximize the effectiveness of network security defense,the optimal defense strategy under limited resources was implemented.Simulation experiments verify the effectiveness of the proposed method and analyze the influence of different parameter settings on the selection of defense strategy.     

Network moving target defense technique based on optimal forwarding path migration

Moving target defense is a revolutionary technology which changes the situation of attack and defense.How to effectively achieve forwarding path mutation is one of the hotspot in this field.Since existing mechanisms are blindness and lack of constraints in the process of mutation,it is hard to maximize mutation defense benefit under the condition of good network quality of services.A novel of network moving target defense technique based on optimal forwarding path migration was proposed.Satisfiability modulo theory was adopted to formally describe the mutation constraints,so as to prevent transient problem.Optimization combination between routing path and mutation period was chosen by using optimal routing path generation method based on security capacity matrix so as to maximum defense benefit.Theoretical and experimental analysis show the defense cost and benefit in resisting passive sniffing attacks.The capability of achieving maximum defense benefit under the condition of ensuring network quality of service is proved.     

Moving target defense against network eavesdropping attack using POF

Eavesdropping attack hereby was the major attack for traditional network communication.As this kind of attacks was stealthy and untraceable,it was barely detectable for those feature detection or static configuration based passive defense approaches.Since existing encryption or dynamic address methods could only confuse part of fields of network protocols,they couldn’t form a comprehensive protection.Therefore a moving target defense method by utilizing the protocol customization ability of protocol-oblivious forwarding (POF) was proposed,through private protocol packet randomization strategy and randomly drop deception-packets on dynamic paths strategy.It could greatly increase the difficulty of implementing network eavesdropping attack and protect the privacy of the network communication process.Experiments and compare studies show its efficiency.     

Moving target defense solution on network layer based on OpenFlow

In order to take an active part in network attack and defense,a moving target defense solution on network layer based on OpenFlow was proposed,using the flexibility of network brought by OpenFlow network architecture.On the network layer,through mapping the correspondent nodes’ addresses to pseudo-random virtual addresses in the LAN and mapping correspondent nodes’ ports to virtual ports,achieving the hiding of correspond nodes in the whole network and the information of network architecture.Researches verify the system’s effectiveness.Comparing with existing moving target defense solutions,the proposed algorithm can be deployed easily in the traditional network,and realize comprehensive protection of the corresponding in the whole network.     

Optimum response scheme of intrusion detection based on information theory

Intrusion detection system (IDS) often inevitably presents major security risks caused by FPs and FNs.However,at present,an effective solution has not been found.In order to solve this problem,an optimal response model of intrusion detection based on information theory was proposed.Firstly,the intruder and IDS in the process of intrusion detection were abstracted into random variables,and the attack and defense model of intruder and IDS was constructed according to the results of the confrontation.Secondly,the defense channel of IDS was designed according to the attack and defense model,then the correct detection of IDS was transformed into the problem of successful transmission of 1 bit information in defensive channel.Finally,the defensive capability of the system was measured by analyzing the channel capacity of the defensive channel,the maximum mutual information of the defensive channel was the defensive limit capability of the IDS,and the corresponding strategy distribution was the optimal response strategy of the defensive capability of the system.The experimental results show that the scheme can effectively reduce the loss caused by FPs and FNs.     

地面移动目标被动探测最优路径规划

提出了一种机载传感器对地面移动目标被动测量的最优路径规划方法。该方法考虑目标状态估计精度,采用扩展卡尔曼滤波算法进行传感器量测信息滤波,进而实时计算传感器目标探测跟踪的信息矩阵。在此基础上,考虑目标被动探测的环境及飞行器性能约束,以目标信息阵等为指标,进行被动探测最优路径规划,实现地面移动目标探测。最后,进行了该被动探测最优路径规划算法的仿真研究。研究结果表明,所提出的被动探测最优路径规划算法能够快速、有效地完成最优被动探测路径的规划计算。     

Research on active defense based on multi-stage cyber deception game

In view of the characteristic that attacker depended on the detected information to decide the next actions,the non-cooperative signal game theory was applied to analyze cyber attack and defense.The signal deception mechanism in the process of cyber attack and defense was considered deeply by constructing a multi-stage cyber deception game model,and the dynamic analysis and deduction of the multi-stage cyber attack and defense was realized by considering the attenuation of cyber deception signals.A solution for multi-stage cyber deception game equilibrium was improved based on analysis of cyber attack and defense,and an optimal algorithm for selecting cyber deception defense strategies was designed.The effectiveness of the model is verified by simulations.The rules of multi-stage cyber deception games are summarized based on the results,which can provide effective guidance for the research on cyber active defense.     

基于攻防微分博弈的网络安全防御决策方法

为准确分析快速变化和连续对抗的网络攻防行为,借鉴传染病动力学理论,提出安全状态演化模型分析网络系统安全状态的变化过程.在此基础上,构建攻防微分博弈模型,设计鞍点策略的求解方法,并以此为依据给出最优防御策略选取算法,实现在动态连续攻防过程中的实时最优防御决策.通过仿真实验验证了模型和算法的有效性,并在分析实验数据的基础上提出了针对性的网络防御建议.     

Markov game modeling of mimic defense and defense strategy determination

Network mimic defense technology enhances the robustness of active defense through the redundancy,dynamic and diversity as well as the decision feedback mechanism.However,little work has been done for its security assessment and existing classic game models are not suitable for its dynamic characteristics and lack of universality.A Markov game model was proposed to analyze the transfer relationship between offensive and defensive status and the measurement method of safety and reliability of mimic defense,and calculated the offensive and defensive game equilibrium through non-linear programming algorithm to determine the best defensive strategy considering performance.Experiments give a comparison with the multi-target hiding technique and shows that the mimic defense has a higher defensive effect.Combining with the specific network case,the specific attack and defense path for the exploit of the system vulnerability is given and the effectiveness of the defense strategy algorithm is verified.     

基于SDN架构的地址跳变技术研究

网络嗅探作为网络攻击的前奏,对于网络安全存在较大威胁。为增强网络本身的抗嗅探窃听能力,在移动目标防御网络的地址跳变技术的研究基础上提出了一种基于传输过程的地址跳变方案,主要思想是在SDN网络架构下,控制器通过为传输路由上交换机下发不同流表来实现IP地址的跳变。仿真结果表明,可以以较小的网络开销实现跳变机制,并使网络对于网络嗅探达到较高的防御能力。     

基于博弈论的无线传感网络节点攻防优化

针对无线传感器网络各节点在安全需求与资源消耗上存在的矛盾,提出一种基于博弈论的无线传感网络节点优化博弈模型.首先,通过分析网络节点中攻击方的攻击代价与防守方的防守开销,基于博弈论分析攻防双方的效用函数并构造攻防博弈模型;其次,根据网络节点中攻防双方选择的不同行动策略,结合信息论技术将攻防双方抽象成随机变量,并设计博弈信...     

基于变电站的入侵防御网络安全评估模型

网络攻击是最重要的变电站安全问题之一,为了更好地识别易受攻击的变电站,首先需要对侦察活动进行建模。在此基础上研究相应的网络攻击和防御策略。利用马尔可夫决策过程建立了变电站控制权竞争中的入侵防御模型。在模型中考虑了目标变电站、入侵者和防御者的关键特征。因此,通过求解模型,可以得到入侵者和防御者的最优策略。通过这些策略可以对变电站的网络安全状态进行评估。仿真实验结果验证了所提出的模型以及相应策略的可行性。     

基于时空域集成判决的微小运动目标检测方法

提出了一种基于时-空域集成判决的序列图像中微小运动目标检测方法。首先,将背景杂波抑制后的残差图像沿时间轴进行累加,形成组合帧,在组合帧中经过二元假设门限判决,检测出疑似目标;然后,只对疑似目标按可能的运动方向进行空域能量集成;最后,对目标轨迹进行统计判别。算法的性能分析和实验仿真结果表明,该方法在保证较高检测概率的同时,大大减少了运算量,有利于实时实现。     

基于Camshift的改进人脸跟踪算法

文中利用目标加速度运动位移方程,预测下一时刻目标可能移动的位置,使用预测位置误差方程,估测运动目标搜索范围,并且通过启动多个Camshift跟踪器的方法,改进Camshift算法。仿真实验表明,该方法有效地克服了Camshift算法自身的缺陷,即使是加速运动的目标,也可准确地预测运动目标的位置,并且有效提高了对遮挡目标跟踪和多个人脸目标跟踪的鲁棒性。